Static task
static1
Behavioral task
behavioral1
Sample
1e1c1a3c12caa8e34c3500483d62e1d7.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1e1c1a3c12caa8e34c3500483d62e1d7.dll
Resource
win10v2004-20231215-en
General
Target
1e1c1a3c12caa8e34c3500483d62e1d7
Size
64KB
MD5
1e1c1a3c12caa8e34c3500483d62e1d7
SHA1
e3b0a2f115b1881078b2c3cc23a6961913602e2a
SHA256
e402f0a7ab32f7353096aeab6e165c4ec60c6d92444788eb037fc36ff82b8d5c
SHA512
1bd3046739e82c2d0d5e919d5d7b44eda9db739d9da4dedebfd83c616312885bd052e8ecfdd0ce0d01aea1d0c80af5570ba472ece81587f200193b3159c83833
SSDEEP
768:hWa+xt+RditVznL1K/t/JQ0+x70EkUfd6pfLHWCPDugn:hWai+RditVzn5K/kl7F65WCPB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1e1c1a3c12caa8e34c3500483d62e1d7
Files
1e1c1a3c12caa8e34c3500483d62e1d7.dll windows:4 windows x86 arch:x86
458bff1331382dd6c181ffd6877ebe19
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapDestroy
GetProcessHeap
HeapFree
IsBadStringPtrA
Beep
HeapReAlloc
HeapAlloc
rpcrt4
NdrServerCall2
RpcStringFreeW
RpcServerInqBindings
RpcServerUseProtseqW
RpcAsyncCompleteCall
NdrAsyncServerCall
UuidFromStringW
RpcRevertToSelfEx
crypt32
CryptUnprotectData
CryptProtectData
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 4KB - Virtual size: 1B
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 418B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ